Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS connections fail due to incorrect validation parameters #118

Closed
gbrail opened this issue Jun 9, 2015 · 0 comments
Closed

TLS connections fail due to incorrect validation parameters #118

gbrail opened this issue Jun 9, 2015 · 0 comments
Milestone
Trireme 0.8.6

Comments

@gbrail
Copy link
Contributor

gbrail commented Jun 9, 2015

When establishing a TLS connection, in order to maintain compatibility with Node, we first negotiate the connection, and then manually check the certificate's validity by calling X509TrustManager.check[Client|Server]Trusted, with the argument "RSA."

However, the trust manager actually supports all kinds of verification parameters, and "RSA" is not the right choice in all cases. (And the Java docs are completely un-helpful here -- only the source tells us anything.)

The answer is to check the name of the cipher suite that was negotiated and use part of that, so that we use "RSA," or "ECDHE_ECDSA", and many other choices depending on the suite.

The result of this bug is that Trireme was not able to connect to "graph.facebook.com."
@gbrail gbrail added this to the Trireme 0.8.6 milestone Jun 18, 2015
@gbrail gbrail closed this as completed Jun 18, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Trireme 0.8.6
Development

No branches or pull requests
1 participant
@gbrail